cancel
Showing results for 
Search instead for 
Did you mean: 

Security Scan Tool, site is compromised with injected JavaScript false positive?

Security Scan Tool, site is compromised with injected JavaScript false positive?

The Magento stores we have setup on the security scan tool have all been flagged as site is compromised with injected JavaScript, however when we view the source files it lists as being infected they haven't been updated since original Magento installation and they match up to newly downloaded versions of the same files. As they have all been flagged on the latest scan for all the same files that have not been edited it seems like a false positive.

 

Any ideas what it is that they think is evidence of a compromise? Or how to stop it being shown as a compromise?

 

The following files are common across different magento stores as being compromised:

/js/prototype/prototype.js
/js/prototype/validation.js
/js/scriptaculous/controls.js

 

Thankyou in advance for any help/advice you can provide.

9 REPLIES

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Hi @samwhitney1993,

 

Which version of Magento are you using?

 

--
If you've found one of my answers useful, please give "Kudos" or "Accept as Solution"

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Hi @Damian Culotta

 

Thankyou for getting back to me, the error does seems to have fixed itself as this is no longer flagging on any of the stores we have setup on the security tool.

 

The error was showing across several versions: 1.7.0.2, 1.8.1 and 1.9.2.1. All of which had up to date patches installed.

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Hi @samwhitney1993,

 

I've saw a similar message in a scan result of a store with all the patches (so I can't explain the result)

Maybe @sherrie can point us in the right direction. I'm not sure where or who we can ask or comment this kind of issues with the Security Scan.

--
If you've found one of my answers useful, please give "Kudos" or "Accept as Solution"

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Confirmed the false positive.

The issue is fixed now.

Please re-run the scan.

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Feel free to contact Magento Security Team regarding the security scan tool over support team or directly at security@magento.com 

To report a proven security vulnerability please submit it over BugCrowd project: https://bugcrowd.com/magento

 

Best regards,

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Thank you @msavich!

--
If you've found one of my answers useful, please give "Kudos" or "Accept as Solution"

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Seems to be happening on Magento 2.2.3, so not fixed

We are getting "Your site is compromised with injected JavaScript. (68)" ........

Have scanned using lots of other tools including magereport.com and run malware scans directly on the files system, and dumped page source code, all report zero problems

Only the Magento Security Scan Tool reports this

Highlighted

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Please re-check. It should be fixed now.

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Hello.

 

We received this message with last week scan:

 

Your site is compromised with injected JavaScript. (131)
The malicious code signature(s) has been found on the page.

 

v1.7.0.2

 

All security patchs up to date

 

Runned many malware / antivir tools, in own server and online tools. None of them found anything wrong.

 

Can be again false positive?

 

thanks.